Updating KeyControl Node IP Addresses on an Individual VM
If the KeyControl nodes in a cluster change, you need to update the IP address list on each Policy Agent unless you have specified a KeyControl Mapping for the VMs. KeyControl Mapping changes are done through KeyControl and are communicated to each associated VM on the VM's next heartbeat. For more information, see High Availability Between a VM and the KeyControl Cluster.
Procedure
For each VM registered with this KeyControl cluster:
- For Linux, log into the VM as root. For Windows, log in as a System Administrator and open a Command Prompt or start Windows PowerShell.
- Enter the hcl updatekc kc_hostname[:port],kc_hostname[:port],kc_hostname[:port],... command, where kc_hostname,kc_hostname,kc_hostname... is a comma-separated list of the KeyControl node IP addresses or hostnames and port is an optional port number (the default is port 443). If you are entering the command on Windows, use quotes around the list of hostnames.

  The first KeyControl node in the list will be considered the primary node, and the VM will always attempt to reach KeyControl through that node first. If that node is unavailable, the VM will try the other nodes in the list in order until it finds a KeyControl node that it can communicate with.
  For example, if you want to specify the KeyControl node named kc-chicago as your primary node and the nodes 10.238.66.234 and kc-bangalore on port 447 as your second and third nodes, you would specify:

  Linux:
      # hcl updatekc kc-chicago,10.238.66.234,kc-bangalore:447

  Windows:
      C:\> hcl updatekc "kc-chicago,10.238.66.234,kc-bangalore:447"

  (Note the " " around the hostname list for Windows.)
  Important: The list you specify overwrites any existing list on the Policy Agent. So if the Policy Agent is currently connected to three KeyControl nodes and you remove one, you must specify the two remaining nodes with the updatekc command. The third node will be removed automatically. Similarly, if you add a fourth KeyControl node, you must specify all four IP addresses with the updatekc command. If you only specify the new KeyControl node, then that becomes the only node that the Policy Agent will communicate with.
To verify the connection status, enter the hcl status command, as shown. The first line shows the KeyControl that the VM is currently communicating with and the second line shows the three KeyControl nodes available to the VM.

    C:\> hcl status
    Summary
    ---------------------------------------------------
    KeyControl: kc-chicago:443
    KeyControl list: kc-chicago:443,10.238.66.234:443,kc-bangalore:447
    Status: Connected
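Because updatekc overwrites the whole list, a safe way to add or remove one node is to start from the list the agent currently reports. The following added example (not part of the original documentation) does that for the Linux shell; it assumes the "KeyControl list:" line of hcl status looks like the sample output above, uses kc-london as a hypothetical new node, and only prints the resulting command.

```shell
#!/bin/sh
# Added example: build the COMPLETE node list for `hcl updatekc`.
# Assumption: `hcl status` prints a "KeyControl list:" line as in the sample above.

# Print the comma-separated node list found in `hcl status` output on stdin.
kc_current_list() {
    sed -n 's/^[[:space:]]*KeyControl list:[[:space:]]*//p' | head -n 1 | tr -d '[:space:]'
}

# kc_new_list CURRENT add|remove NODE
# Print CURRENT with NODE appended or removed. Existing order is kept, so the
# first entry (the primary node) stays first. Entries get the default port 443.
kc_new_list() {
    current=$1; action=$2; node=$3; out=
    case $action in add|remove) ;; *) echo "action must be add or remove" >&2; return 2 ;; esac
    case $node in *:*) ;; *) node="$node:443" ;; esac
    old_ifs=$IFS; IFS=,
    for entry in $current; do
        if [ -z "$entry" ]; then continue; fi
        case $entry in *:*) ;; *) entry="$entry:443" ;; esac
        # Skip the node being removed; also avoids a duplicate when adding.
        if [ "$entry" = "$node" ]; then continue; fi
        out="${out:+$out,}$entry"
    done
    IFS=$old_ifs
    if [ "$action" = add ]; then out="${out:+$out,}$node"; fi
    # An empty list would leave the agent with no KeyControl node at all.
    if [ -z "$out" ]; then echo "refusing to build an empty node list" >&2; return 1; fi
    printf '%s\n' "$out"
}

# Constructed sample mirroring the status output shown on this page.
# On a real VM, use:  cur=$(hcl status | kc_current_list)
sample='KeyControl: kc-chicago:443
KeyControl list: kc-chicago:443,10.238.66.234:443,kc-bangalore:447'
cur=$(printf '%s\n' "$sample" | kc_current_list)

# Print the command for review instead of running it.
echo "hcl updatekc $(kc_new_list "$cur" add kc-london)"
echo "hcl updatekc $(kc_new_list "$cur" remove 10.238.66.234)"
```

After running the printed command, hcl status should show the same list on the KeyControl list line.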